Just wanted to start a discussion around improving infisical run for Terraform workflows.
Terraform expects variables to be passed as env vars with the TF_VAR_ prefix and snake_case lowercase keys (common pattern).
Mostly, to store secrets we use UPPER_SNAKE_CASE, which leads to:
- Renaming secrets just for Terraform
- Wrapper scripts to transform env vars
- Extra workarounds for similar workflows
- Opt-in --secret-prefix flag
infisical run --secret-prefix=TF_VAR_ terraform apply
- Optional key transformation
Add a transformation flag to handle naming conventions:
--transform-secret-key=lowercase|snakecase|kebabcase
DB_PASSWORD → TF_VAR_db_password
Why this helps?
- Seamless Terraform usage or other use cases
- No secret renaming
- No wrapper scripts
Aligns with common IaC + secret management patterns
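
For reference, the wrapper-script workaround mentioned above could look like the sketch below. It is an added example, not part of the original post and not Infisical code. The function names and the file name `tfvars.sh` are hypothetical, and it assumes the caller passes an explicit list of secret names so that unrelated environment variables are never copied into Terraform's namespace.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Infisical code).
# Usage sketch, with tfvars.sh being this file:
#   infisical run -- sh -c '. ./tfvars.sh; export_tf_vars DB_PASSWORD; exec terraform apply'

# tf_var_name KEY: print TF_VAR_<lowercased KEY>.
# Fails on anything that is not a plain identifier, so the result is
# safe to use in the eval below.
tf_var_name() {
    case "$1" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    printf 'TF_VAR_%s\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# export_tf_vars KEY...: for every listed variable that is set, export a
# TF_VAR_ copy of it. Only names are ever written to stderr, never values.
export_tf_vars() {
    for key in "$@"; do
        name=$(tf_var_name "$key") || {
            echo "skipping invalid key name: $key" >&2
            continue
        }
        # ${VAR+x} expands to "x" only if VAR is set (even if empty).
        eval "is_set=\${$key+x}"
        [ -n "$is_set" ] || {
            echo "skipping unset key: $key" >&2
            continue
        }
        # The value is expanded once by the shell and never re-parsed,
        # so quotes or $(...) inside a secret stay literal.
        eval "export $name=\"\$$key\""
    done
}
```

The allowlist keeps variables such as PATH or cloud credentials already in the environment from being re-exported under the TF_VAR_ prefix.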